← Back to branch summary

~ubuntu-branches/ubuntu/gutsy/git-core/gutsy-updates

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2009-02-13 09:32:33 UTC
  • Revision ID: package-import@ubuntu.com-20090213093233-0poc4bbrybm7490s
Tags: 1:1.5.2.5-2ubuntu0.1
https://launchpad.net/bugs/248750
https://launchpad.net/bugs/317052
https://launchpad.net/bugs/317052
* SECURITY UPDATE: arbitrary code execution via long PATH in diff_addremove
  and diff_change (LP: #248750)
  - debian/diff/0007-SECURITY-CVE-2008-3546.diff: safely build the full path.
  - CVE-2008-3546
* SECURITY UPDATE: arbitrary command execution via shell metacharacters
  related to git_search in gitweb (LP: #317052)
  - debian/diff/0006-CVE-2008-5516.diff: use git-log instead of git-rev-list |
    git-diff-tree for pickaxe search in gitweb/gitweb.perl.
  - CVE-2008-5516
* SECURITY UPDATE: arbitrary command execution via shell metacharacters
  related to git_snapshot and git_object in gitweb (LP: #317052)
  - debian/diff/0007-CVE-2008-5517.diff: quote the given arguments before
    passing them to the shell in gitweb/gitweb.perl.
  - CVE-2008-5517
Filename Latest Rev Last Changed Committer Comment Size
..
.gitignore 1.1.14 17 years ago Package Import Robot Import upstream version 1.5.1.2 47 bytes Diff Download File
Git.pm 1.1.17 17 years ago Package Import Robot Import upstream version 1.5.2 22.4 KB Diff Download File
Makefile 1.1.16 17 years ago Package Import Robot Import upstream version 1.5.1.4 1 KB Diff Download File
Makefile.PL 1.1.14 17 years ago Package Import Robot Import upstream version 1.5.1.2 761 bytes Diff Download File
private-Error.pm 1.1.14 17 years ago Package Import Robot Import upstream version 1.5.1.2 18.6 KB Diff Download File